API: Do not expose user input in datasource error responses (#53483)

2025-02-25 18:55:37 -06:00 · 2022-09-05 16:10:45 +03:00 · 2022-09-05 16:10:45 +03:00 · 950715b255
commit 950715b255
parent 11de1dfe40
1 changed files with 3 additions and 3 deletions
--- a/pkg/api/datasources.go
+++ b/pkg/api/datasources.go
@ -107,7 +107,7 @@ func (hs *HTTPServer) GetDataSources(c *models.ReqContext) response.Response {
 func (hs *HTTPServer) GetDataSourceById(c *models.ReqContext) response.Response {
 	id, err := strconv.ParseInt(web.Params(c.Req)[":id"], 10, 64)
 	if err != nil {
-		return response.Error(http.StatusBadRequest, "id is invalid", err)
+		return response.Error(http.StatusBadRequest, "id is invalid", nil)
 	}
 	query := datasources.GetDataSourceQuery{
 		Id:    id,
@ -605,7 +605,7 @@ func (hs *HTTPServer) GetDataSourceIdByName(c *models.ReqContext) response.Respo
 func (hs *HTTPServer) CallDatasourceResource(c *models.ReqContext) {
 	datasourceID, err := strconv.ParseInt(web.Params(c.Req)[":id"], 10, 64)
 	if err != nil {
-		c.JsonApiErr(http.StatusBadRequest, "id is invalid", err)
+		c.JsonApiErr(http.StatusBadRequest, "id is invalid", nil)
 		return
 	}
 	ds, err := hs.DataSourceCache.GetDatasource(c.Req.Context(), datasourceID, c.SignedInUser, c.SkipCache)
@ -742,7 +742,7 @@ func (hs *HTTPServer) CheckDatasourceHealthWithUID(c *models.ReqContext) respons
 func (hs *HTTPServer) CheckDatasourceHealth(c *models.ReqContext) response.Response {
 	datasourceID, err := strconv.ParseInt(web.Params(c.Req)[":id"], 10, 64)
 	if err != nil {
-		return response.Error(http.StatusBadRequest, "id is invalid", err)
+		return response.Error(http.StatusBadRequest, "id is invalid", nil)
 	}

 	ds, err := hs.DataSourceCache.GetDatasource(c.Req.Context(), datasourceID, c.SignedInUser, c.SkipCache)